Misc fixes for 1031ee6
.
parent
7d2f96783c
commit
27eab81f2f
@ -1502,24 +1502,6 @@ interface(`files_dontaudit_getattr_boot_dirs',`
|
|||||||
dontaudit $1 boot_t:dir getattr;
|
dontaudit $1 boot_t:dir getattr;
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
|
||||||
## <summary>
|
|
||||||
## List the /boot directory.
|
|
||||||
## </summary>
|
|
||||||
## <param name="domain">
|
|
||||||
## <summary>
|
|
||||||
## Domain allowed access.
|
|
||||||
## </summary>
|
|
||||||
## </param>
|
|
||||||
#
|
|
||||||
interface(`files_list_boot',`
|
|
||||||
gen_require(`
|
|
||||||
type boot_t;
|
|
||||||
')
|
|
||||||
|
|
||||||
allow $1 boot_t:dir list_dir_perms;
|
|
||||||
')
|
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Search the /boot directory.
|
## Search the /boot directory.
|
||||||
@ -1556,6 +1538,24 @@ interface(`files_dontaudit_search_boot',`
|
|||||||
dontaudit $1 boot_t:dir search_dir_perms;
|
dontaudit $1 boot_t:dir search_dir_perms;
|
||||||
')
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## List the /boot directory.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`files_list_boot',`
|
||||||
|
gen_require(`
|
||||||
|
type boot_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
allow $1 boot_t:dir list_dir_perms;
|
||||||
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Create directories in /boot
|
## Create directories in /boot
|
||||||
|
@ -773,7 +773,6 @@ interface(`apache_list_sys_content',`
|
|||||||
')
|
')
|
||||||
|
|
||||||
list_dirs_pattern($1, httpd_sys_content_t, httpd_sys_content_t)
|
list_dirs_pattern($1, httpd_sys_content_t, httpd_sys_content_t)
|
||||||
read_lnk_files_pattern($1, httpd_sys_content_t, httpd_sys_content_t)
|
|
||||||
files_search_var($1)
|
files_search_var($1)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
@ -451,7 +451,7 @@ optional_policy(`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
cobbler_search_var_lib(httpd_t)
|
cobbler_search_lib(httpd_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
|
@ -6,11 +6,10 @@
|
|||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
## <summary>
|
## <summary>
|
||||||
## The type of the process performing this action.
|
## Domain allowed access.
|
||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
#
|
|
||||||
interface(`bind_initrc_domtrans',`
|
interface(`bind_initrc_domtrans',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type named_initrc_exec_t;
|
type named_initrc_exec_t;
|
||||||
@ -209,25 +208,6 @@ interface(`bind_manage_config_dirs',`
|
|||||||
manage_dirs_pattern($1, named_conf_t, named_conf_t)
|
manage_dirs_pattern($1, named_conf_t, named_conf_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
|
||||||
## <summary>
|
|
||||||
## Manage BIND zone files.
|
|
||||||
## </summary>
|
|
||||||
## <param name="domain">
|
|
||||||
## <summary>
|
|
||||||
## Domain allowed access.
|
|
||||||
## </summary>
|
|
||||||
## </param>
|
|
||||||
#
|
|
||||||
interface(`bind_manage_zone',`
|
|
||||||
gen_require(`
|
|
||||||
type named_zone_t;
|
|
||||||
')
|
|
||||||
|
|
||||||
files_search_var($1)
|
|
||||||
manage_files_pattern($1, named_zone_t, named_zone_t)
|
|
||||||
')
|
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Search the BIND cache directory.
|
## Search the BIND cache directory.
|
||||||
@ -309,6 +289,25 @@ interface(`bind_read_zone',`
|
|||||||
read_files_pattern($1, named_zone_t, named_zone_t)
|
read_files_pattern($1, named_zone_t, named_zone_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Manage BIND zone files.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`bind_manage_zone',`
|
||||||
|
gen_require(`
|
||||||
|
type named_zone_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
files_search_var($1)
|
||||||
|
manage_files_pattern($1, named_zone_t, named_zone_t)
|
||||||
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Send and receive datagrams to and from named. (Deprecated)
|
## Send and receive datagrams to and from named. (Deprecated)
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
/etc/cobbler(/.*)? gen_context(system_u:object_r:cobbler_etc_t, s0)
|
/etc/cobbler(/.*)? gen_context(system_u:object_r:cobbler_etc_t, s0)
|
||||||
/etc/rc\.d/init\.d/cobblerd -- gen_context(system_u:object_r:cobblerd_initrc_exec_t, s0)
|
/etc/rc\.d/init\.d/cobblerd -- gen_context(system_u:object_r:cobblerd_initrc_exec_t, s0)
|
||||||
|
|
||||||
/usr/bin/cobblerd -- gen_context(system_u:object_r:cobblerd_exec_t, s0)
|
/usr/bin/cobblerd -- gen_context(system_u:object_r:cobblerd_exec_t, s0)
|
||||||
|
|
||||||
/var/lib/cobbler(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t, s0)
|
/var/lib/cobbler(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t, s0)
|
||||||
/var/log/cobbler(/.*)? gen_context(system_u:object_r:cobbler_var_log_t, s0)
|
/var/log/cobbler(/.*)? gen_context(system_u:object_r:cobbler_var_log_t, s0)
|
||||||
|
@ -10,6 +10,42 @@
|
|||||||
## </p>
|
## </p>
|
||||||
## </desc>
|
## </desc>
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Execute a domain transition to run cobblerd.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed to transition.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`cobblerd_domtrans',`
|
||||||
|
gen_require(`
|
||||||
|
type cobblerd_t, cobblerd_exec_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
domtrans_pattern($1, cobblerd_exec_t, cobblerd_t)
|
||||||
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Execute cobblerd server in the cobblerd domain.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## The type of the process performing this action.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`cobblerd_initrc_domtrans',`
|
||||||
|
gen_require(`
|
||||||
|
type cobblerd_initrc_exec_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
init_labeled_script_domtrans($1, cobblerd_initrc_exec_t)
|
||||||
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Read Cobbler content in /etc
|
## Read Cobbler content in /etc
|
||||||
@ -48,6 +84,25 @@ interface(`cobbler_dontaudit_rw_log',`
|
|||||||
dontaudit $1 cobbler_var_log_t:file rw_file_perms;
|
dontaudit $1 cobbler_var_log_t:file rw_file_perms;
|
||||||
')
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Search cobbler dirs in /var/lib
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`cobbler_search_lib',`
|
||||||
|
gen_require(`
|
||||||
|
type cobbler_var_lib_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
search_dirs_pattern($1, cobbler_var_lib_t, cobbler_var_lib_t)
|
||||||
|
files_search_var_lib($1)
|
||||||
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Read cobbler files in /var/lib
|
## Read cobbler files in /var/lib
|
||||||
@ -58,7 +113,7 @@ interface(`cobbler_dontaudit_rw_log',`
|
|||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`cobbler_read_var_lib_files',`
|
interface(`cobbler_read_lib_files',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type cobbler_var_lib_t;
|
type cobbler_var_lib_t;
|
||||||
')
|
')
|
||||||
@ -77,7 +132,7 @@ interface(`cobbler_read_var_lib_files',`
|
|||||||
## </summary>
|
## </summary>
|
||||||
## </param>
|
## </param>
|
||||||
#
|
#
|
||||||
interface(`cobbler_manage_var_lib_files',`
|
interface(`cobbler_manage_lib_files',`
|
||||||
gen_require(`
|
gen_require(`
|
||||||
type cobbler_var_lib_t;
|
type cobbler_var_lib_t;
|
||||||
')
|
')
|
||||||
@ -86,61 +141,6 @@ interface(`cobbler_manage_var_lib_files',`
|
|||||||
files_search_var_lib($1)
|
files_search_var_lib($1)
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
|
||||||
## <summary>
|
|
||||||
## Search cobbler dirs in /var/lib
|
|
||||||
## </summary>
|
|
||||||
## <param name="domain">
|
|
||||||
## <summary>
|
|
||||||
## Domain allowed access.
|
|
||||||
## </summary>
|
|
||||||
## </param>
|
|
||||||
#
|
|
||||||
interface(`cobbler_search_var_lib',`
|
|
||||||
gen_require(`
|
|
||||||
type cobbler_var_lib_t;
|
|
||||||
')
|
|
||||||
|
|
||||||
search_dirs_pattern($1, cobbler_var_lib_t, cobbler_var_lib_t)
|
|
||||||
files_search_var_lib($1)
|
|
||||||
')
|
|
||||||
|
|
||||||
########################################
|
|
||||||
## <summary>
|
|
||||||
## Execute a domain transition to run cobblerd.
|
|
||||||
## </summary>
|
|
||||||
## <param name="domain">
|
|
||||||
## <summary>
|
|
||||||
## Domain allowed to transition.
|
|
||||||
## </summary>
|
|
||||||
## </param>
|
|
||||||
#
|
|
||||||
interface(`cobblerd_domtrans',`
|
|
||||||
gen_require(`
|
|
||||||
type cobblerd_t, cobblerd_exec_t;
|
|
||||||
')
|
|
||||||
|
|
||||||
domtrans_pattern($1, cobblerd_exec_t, cobblerd_t)
|
|
||||||
')
|
|
||||||
|
|
||||||
########################################
|
|
||||||
## <summary>
|
|
||||||
## Execute cobblerd server in the cobblerd domain.
|
|
||||||
## </summary>
|
|
||||||
## <param name="domain">
|
|
||||||
## <summary>
|
|
||||||
## The type of the process performing this action.
|
|
||||||
## </summary>
|
|
||||||
## </param>
|
|
||||||
#
|
|
||||||
interface(`cobblerd_initrc_domtrans',`
|
|
||||||
gen_require(`
|
|
||||||
type cobblerd_initrc_exec_t;
|
|
||||||
')
|
|
||||||
|
|
||||||
init_labeled_script_domtrans($1, cobblerd_initrc_exec_t)
|
|
||||||
')
|
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## All of the rules required to administrate
|
## All of the rules required to administrate
|
||||||
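Review bot: The relocated `cobblerd_initrc_domtrans` block still documents its parameter as "The type of the process performing this action.", which is the wording this same commit replaces in `bind_initrc_domtrans`. It should read `##	Domain allowed to transition.`, matching `cobblerd_domtrans` directly above it. Separately, the renames to `cobbler_read_lib_files` and `cobbler_manage_lib_files` leave nothing behind under the old names. Only the httpd_t caller of `cobbler_search_lib` is updated on this page, so any other callers of the old names need checking, or the policy will fail to build.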
|
@ -52,6 +52,8 @@ read_files_pattern(cobblerd_t, cobbler_var_log_t, cobbler_var_log_t)
|
|||||||
setattr_files_pattern(cobblerd_t, cobbler_var_log_t, cobbler_var_log_t)
|
setattr_files_pattern(cobblerd_t, cobbler_var_log_t, cobbler_var_log_t)
|
||||||
logging_log_filetrans(cobblerd_t, cobbler_var_log_t, file)
|
logging_log_filetrans(cobblerd_t, cobbler_var_log_t, file)
|
||||||
|
|
||||||
|
kernel_read_system_state(cobblerd_t)
|
||||||
|
|
||||||
corecmd_exec_bin(cobblerd_t)
|
corecmd_exec_bin(cobblerd_t)
|
||||||
corecmd_exec_shell(cobblerd_t)
|
corecmd_exec_shell(cobblerd_t)
|
||||||
|
|
||||||
@ -67,13 +69,9 @@ corenet_tcp_sendrecv_generic_port(cobblerd_t)
|
|||||||
dev_read_urand(cobblerd_t)
|
dev_read_urand(cobblerd_t)
|
||||||
|
|
||||||
files_read_usr_files(cobblerd_t)
|
files_read_usr_files(cobblerd_t)
|
||||||
|
|
||||||
files_list_boot(cobblerd_t)
|
files_list_boot(cobblerd_t)
|
||||||
|
|
||||||
files_list_tmp(cobblerd_t)
|
files_list_tmp(cobblerd_t)
|
||||||
|
|
||||||
kernel_read_system_state(cobblerd_t)
|
|
||||||
|
|
||||||
miscfiles_read_localization(cobblerd_t)
|
miscfiles_read_localization(cobblerd_t)
|
||||||
miscfiles_read_public_files(cobblerd_t)
|
miscfiles_read_public_files(cobblerd_t)
|
||||||
|
|
||||||
@ -119,6 +117,5 @@ optional_policy(`
|
|||||||
')
|
')
|
||||||
|
|
||||||
optional_policy(`
|
optional_policy(`
|
||||||
tftp_manage_tftpdir_dirs(cobblerd_t)
|
tftp_manage_rw_content(cobblerd_t)
|
||||||
tftp_manage_tftpdir_files(cobblerd_t)
|
|
||||||
')
|
')
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
/etc/dnsmasq\.conf -- gen_context(system_u:object_r:dnsmasq_etc_t, s0)
|
/etc/dnsmasq\.conf -- gen_context(system_u:object_r:dnsmasq_etc_t, s0)
|
||||||
/etc/rc\.d/init\.d/dnsmasq -- gen_context(system_u:object_r:dnsmasq_initrc_exec_t,s0)
|
/etc/rc\.d/init\.d/dnsmasq -- gen_context(system_u:object_r:dnsmasq_initrc_exec_t,s0)
|
||||||
|
|
||||||
/usr/sbin/dnsmasq -- gen_context(system_u:object_r:dnsmasq_exec_t,s0)
|
/usr/sbin/dnsmasq -- gen_context(system_u:object_r:dnsmasq_exec_t,s0)
|
||||||
|
@ -96,6 +96,44 @@ interface(`dnsmasq_kill',`
|
|||||||
allow $1 dnsmasq_t:process sigkill;
|
allow $1 dnsmasq_t:process sigkill;
|
||||||
')
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Read dnsmasq config files.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`dnsmasq_read_config',`
|
||||||
|
gen_require(`
|
||||||
|
type dnsmasq_etc_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
allow $1 dnsmasq_etc_t:file read_file_perms;
|
||||||
|
files_search_etc($1)
|
||||||
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Write to dnsmasq config files.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`dnsmasq_write_config',`
|
||||||
|
gen_require(`
|
||||||
|
type dnsmasq_etc_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
allow $1 dnsmasq_etc_t:file write_file_perms;
|
||||||
|
files_search_etc($1)
|
||||||
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Delete dnsmasq pid files
|
## Delete dnsmasq pid files
|
||||||
@ -134,44 +172,6 @@ interface(`dnsmasq_read_pid_files',`
|
|||||||
read_files_pattern($1, dnsmasq_var_run_t, dnsmasq_var_run_t)
|
read_files_pattern($1, dnsmasq_var_run_t, dnsmasq_var_run_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
|
||||||
## <summary>
|
|
||||||
## Read dnsmasq config files.
|
|
||||||
## </summary>
|
|
||||||
## <param name="domain">
|
|
||||||
## <summary>
|
|
||||||
## Domain allowed.
|
|
||||||
## </summary>
|
|
||||||
## </param>
|
|
||||||
#
|
|
||||||
interface(`dnsmasq_read_config',`
|
|
||||||
gen_require(`
|
|
||||||
type dnsmasq_etc_t;
|
|
||||||
')
|
|
||||||
|
|
||||||
read_files_pattern($1, dnsmasq_etc_t, dnsmasq_etc_t)
|
|
||||||
files_search_etc($1)
|
|
||||||
')
|
|
||||||
|
|
||||||
########################################
|
|
||||||
## <summary>
|
|
||||||
## Write to dnsmasq config files.
|
|
||||||
## </summary>
|
|
||||||
## <param name="domain">
|
|
||||||
## <summary>
|
|
||||||
## Domain allowed.
|
|
||||||
## </summary>
|
|
||||||
## </param>
|
|
||||||
#
|
|
||||||
interface(`dnsmasq_write_config',`
|
|
||||||
gen_require(`
|
|
||||||
type dnsmasq_etc_t;
|
|
||||||
')
|
|
||||||
|
|
||||||
write_files_pattern($1, dnsmasq_etc_t, dnsmasq_etc_t)
|
|
||||||
files_search_etc($1)
|
|
||||||
')
|
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## All of the rules required to administrate
|
## All of the rules required to administrate
|
||||||
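Review bot: The relocated `dnsmasq_read_config` and `dnsmasq_write_config` blocks keep the truncated parameter description "Domain allowed.", while the commit standardises on "Domain allowed access." elsewhere (for example in bind.if). Use `##	Domain allowed access.` in both. The switch from `read_files_pattern`/`write_files_pattern` to plain `allow ... :file` rules also drops the directory search on dnsmasq_etc_t that the patterns granted. That is fine if only regular files carry that type, but a short comment saying so would help the next reader.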
|
@ -37,7 +37,7 @@ allow dnsmasq_t self:udp_socket create_socket_perms;
|
|||||||
allow dnsmasq_t self:packet_socket create_socket_perms;
|
allow dnsmasq_t self:packet_socket create_socket_perms;
|
||||||
allow dnsmasq_t self:rawip_socket create_socket_perms;
|
allow dnsmasq_t self:rawip_socket create_socket_perms;
|
||||||
|
|
||||||
read_files_pattern(dnsmasq_t, dnsmasq_etc_t, dnsmasq_etc_t)
|
allow dnsmasq_t dnsmasq_etc_t:file read_file_perms;
|
||||||
|
|
||||||
# dhcp leases
|
# dhcp leases
|
||||||
manage_files_pattern(dnsmasq_t, dnsmasq_lease_t, dnsmasq_lease_t)
|
manage_files_pattern(dnsmasq_t, dnsmasq_lease_t, dnsmasq_lease_t)
|
||||||
@ -71,6 +71,7 @@ dev_read_urand(dnsmasq_t)
|
|||||||
|
|
||||||
domain_use_interactive_fds(dnsmasq_t)
|
domain_use_interactive_fds(dnsmasq_t)
|
||||||
|
|
||||||
|
files_read_etc_files(dnsmasq_t)
|
||||||
files_read_etc_runtime_files(dnsmasq_t)
|
files_read_etc_runtime_files(dnsmasq_t)
|
||||||
|
|
||||||
fs_getattr_all_fs(dnsmasq_t)
|
fs_getattr_all_fs(dnsmasq_t)
|
||||||
|
@ -119,7 +119,7 @@ interface(`rsync_read_config',`
|
|||||||
type rsync_etc_t;
|
type rsync_etc_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
read_files_pattern($1, rsync_etc_t, rsync_etc_t)
|
allow $1 rsync_etc_t:file read_file_perms;
|
||||||
files_search_etc($1)
|
files_search_etc($1)
|
||||||
')
|
')
|
||||||
|
|
||||||
@ -138,6 +138,6 @@ interface(`rsync_write_config',`
|
|||||||
type rsync_etc_t;
|
type rsync_etc_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
write_files_pattern($1, rsync_etc_t, rsync_etc_t)
|
allow $1 rsync_etc_t:file read_file_perms;
|
||||||
files_search_etc($1)
|
files_search_etc($1)
|
||||||
')
|
')
|
||||||
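Review bot: In the `rsync_write_config` hunk the replacement rule grants `read_file_perms`, not write access, so the interface no longer does what its name says. A domain that calls it to modify rsync_etc_t files will be denied, and anyone auditing callers by interface name will misjudge what was granted. It looks like a copy of the line from the `rsync_read_config` hunk above; the equivalent `dnsmasq_write_config` change in this commit uses `write_file_perms`. The line should be `allow $1 rsync_etc_t:file write_file_perms;`. The interface header and its `gen_require` opening lie outside the hunk.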
|
@ -60,7 +60,7 @@ allow rsync_t self:udp_socket connected_socket_perms;
|
|||||||
allow rsync_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
|
allow rsync_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
|
||||||
#end for identd
|
#end for identd
|
||||||
|
|
||||||
read_files_pattern(rsync_t, rsync_etc_t, rsync_etc_t)
|
allow rsync_t rsync_etc_t:file read_file_perms;
|
||||||
|
|
||||||
allow rsync_t rsync_data_t:dir list_dir_perms;
|
allow rsync_t rsync_data_t:dir list_dir_perms;
|
||||||
read_files_pattern(rsync_t, rsync_data_t, rsync_data_t)
|
read_files_pattern(rsync_t, rsync_data_t, rsync_data_t)
|
||||||
|
@ -1,43 +1,5 @@
|
|||||||
## <summary>Trivial file transfer protocol daemon</summary>
|
## <summary>Trivial file transfer protocol daemon</summary>
|
||||||
|
|
||||||
########################################
|
|
||||||
## <summary>
|
|
||||||
## Manage tftp /var/lib files.
|
|
||||||
## </summary>
|
|
||||||
## <param name="domain">
|
|
||||||
## <summary>
|
|
||||||
## Domain allowed access.
|
|
||||||
## </summary>
|
|
||||||
## </param>
|
|
||||||
#
|
|
||||||
interface(`tftp_manage_tftpdir_dirs',`
|
|
||||||
gen_require(`
|
|
||||||
type tftpdir_rw_t;
|
|
||||||
')
|
|
||||||
|
|
||||||
files_search_var_lib($1)
|
|
||||||
manage_dirs_pattern($1, tftpdir_rw_t, tftpdir_rw_t)
|
|
||||||
')
|
|
||||||
|
|
||||||
########################################
|
|
||||||
## <summary>
|
|
||||||
## Manage tftp /var/lib files.
|
|
||||||
## </summary>
|
|
||||||
## <param name="domain">
|
|
||||||
## <summary>
|
|
||||||
## Domain allowed access.
|
|
||||||
## </summary>
|
|
||||||
## </param>
|
|
||||||
#
|
|
||||||
interface(`tftp_manage_tftpdir_files',`
|
|
||||||
gen_require(`
|
|
||||||
type tftpdir_rw_t;
|
|
||||||
')
|
|
||||||
|
|
||||||
files_search_var_lib($1)
|
|
||||||
manage_files_pattern($1, tftpdir_rw_t, tftpdir_rw_t)
|
|
||||||
')
|
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Read tftp content
|
## Read tftp content
|
||||||
@ -56,6 +18,26 @@ interface(`tftp_read_content',`
|
|||||||
read_files_pattern($1, tftpdir_t, tftpdir_t)
|
read_files_pattern($1, tftpdir_t, tftpdir_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Manage tftp /var/lib files.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`tftp_manage_rw_content',`
|
||||||
|
gen_require(`
|
||||||
|
type tftpdir_rw_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
files_search_var_lib($1)
|
||||||
|
manage_dirs_pattern($1, tftpdir_rw_t, tftpdir_rw_t)
|
||||||
|
manage_files_pattern($1, tftpdir_rw_t, tftpdir_rw_t)
|
||||||
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## All of the rules required to administrate
|
## All of the rules required to administrate
|
||||||
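Review bot: The new `tftp_manage_rw_content` keeps the summary "Manage tftp /var/lib files." although it now grants both `manage_dirs_pattern` and `manage_files_pattern` on tftpdir_rw_t, so the documentation understates what a caller receives. It should read `##	Manage tftp directories and files in /var/lib.`. The two old interfaces, `tftp_manage_tftpdir_dirs` and `tftp_manage_tftpdir_files`, are removed outright. Only the cobblerd_t caller is updated on this page, so any other callers need to be confirmed as converted.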
|
@ -74,8 +74,8 @@ ifdef(`distro_redhat',`
|
|||||||
/var/cache/fonts(/.*)? gen_context(system_u:object_r:tetex_data_t,s0)
|
/var/cache/fonts(/.*)? gen_context(system_u:object_r:tetex_data_t,s0)
|
||||||
/var/cache/man(/.*)? gen_context(system_u:object_r:man_t,s0)
|
/var/cache/man(/.*)? gen_context(system_u:object_r:man_t,s0)
|
||||||
|
|
||||||
/var/www/cobbler/images(/.*)? gen_context(system_u:object_r:public_content_rw_t, s0)
|
/var/www/cobbler/images(/.*)? gen_context(system_u:object_r:public_content_rw_t, s0)
|
||||||
/var/lib/cobbler/webui_sessions(/.*)? gen_context(system_u:object_r:public_content_rw_t, s0)
|
/var/lib/cobbler/webui_sessions(/.*)? gen_context(system_u:object_r:public_content_rw_t, s0)
|
||||||
|
|
||||||
/var/spool/texmf(/.*)? gen_context(system_u:object_r:tetex_data_t,s0)
|
/var/spool/texmf(/.*)? gen_context(system_u:object_r:tetex_data_t,s0)
|
||||||
|
|
||||||
|
@ -12,7 +12,7 @@
|
|||||||
/etc/dhcpc.* gen_context(system_u:object_r:dhcp_etc_t,s0)
|
/etc/dhcpc.* gen_context(system_u:object_r:dhcp_etc_t,s0)
|
||||||
/etc/dhcpd\.conf -- gen_context(system_u:object_r:dhcp_etc_t,s0)
|
/etc/dhcpd\.conf -- gen_context(system_u:object_r:dhcp_etc_t,s0)
|
||||||
/etc/dhcp/dhcpd\.conf -- gen_context(system_u:object_r:dhcp_etc_t,s0)
|
/etc/dhcp/dhcpd\.conf -- gen_context(system_u:object_r:dhcp_etc_t,s0)
|
||||||
/etc/ethers -- gen_context(system_u:object_r:net_conf_t,s0)
|
/etc/ethers -- gen_context(system_u:object_r:net_conf_t,s0)
|
||||||
/etc/resolv\.conf.* -- gen_context(system_u:object_r:net_conf_t,s0)
|
/etc/resolv\.conf.* -- gen_context(system_u:object_r:net_conf_t,s0)
|
||||||
/etc/yp\.conf.* -- gen_context(system_u:object_r:net_conf_t,s0)
|
/etc/yp\.conf.* -- gen_context(system_u:object_r:net_conf_t,s0)
|
||||||
|
|
||||||
|